Malicious Office (OLE) / .11 — malware analysis report

Static analysis result for SHA-256 fa53b14bab3c9bad…

MALICIOUS

Office (OLE) / .11

1.04 MB Created: 2005-09-27 09:13:03 Authoring application: Microsoft Excel
MD5: 7c13ddd9ee728a21d218ab86279c3fe4 SHA-1: 3863ae92e9ccfe8fb47d93f52e5b93aec50aba1a SHA-256: fa53b14bab3c9bad59d8c5b8843ce13f8c1e08e7e1d271f96ce94e75abf5b7dc
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1059.001 PowerShell

The file is an Excel spreadsheet containing a large VBA macro. The heuristic 'OLE_VBA_CREATEOBJ' indicates the macro likely uses CreateObject to execute commands or download additional payloads. The document body content appears to be related to network cell configuration, which is likely a lure to disguise the malicious macro's true purpose. No specific IOCs were extracted, but the presence of a large, obfuscated macro suggests a downloader or droppper functionality.

Heuristics 2

  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
d86ad66f45bd76cd15b919ecefabab245a3b37a527b1f916053bbd3d894d5ad8		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 197094 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.